From owner-freebsd-hackers Thu Oct 10 15:10:52 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7D6CB37B401 for ; Thu, 10 Oct 2002 15:10:51 -0700 (PDT) Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E94D43EBE for ; Thu, 10 Oct 2002 15:10:50 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.12.4/8.12.4) with SMTP id g9AMALOo039752; Thu, 10 Oct 2002 18:10:21 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Thu, 10 Oct 2002 18:10:21 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Steve Kudlak Cc: "Roman V. Mashak" , "'hackers@freebsd.org'" , "Nelson, Trent ." Subject: Re: C-2(Security) blues and the like In-Reply-To: <3DA5A764.68AA7199@ovis.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, 10 Oct 2002, Steve Kudlak wrote: > It has been a long time since I dealt with those arcane security > matters. At least they are obscure and arcane to most people. Many > consider me to be babbling when I go on about these things. If I start > saying "rainbow books" (the NSA's security books are in different > colors) many people assume that I am crazy.:) > > Most of the stuff I did involved C-2 security and all the logging and > authentication stuff. An assumption seems to have been made that > "logging in" via ftp was the same as logging in via tty or machine. This > is not so. The ftp code "establishes a user" the login code gets the > user a shell and all that. For awhile in some OSes with C-2 security if > one was going to mount a dictionary attack on some user or ever root, > ftp would have been away to go. It would allow one a large amount of > attacks with logging. One would definitely get more than 3 attempts to > "login". It was a way around C-2 security and was in my opinion a > pretty serious compromise. Logging ftp "logins" and ftp use were > proposed fixes. I just had to find the problems not fix them. > > Hmmm...maybe I will post this to BSD hackers and if someone says it is > off topic I will shut up. Perhaps I should as this info is kind of old. > But the important to watch for these little back door tricks. Note I > have not as of late read the FreeBSD ftp code. Perhaps I should. This would be on topic for trustedbsd-discuss@TrustedBSD.org, but you should go review current language, documents, and specifications, or you'll cover a lot of previously covered ground. The first thing you are probably interested in is the Common Criteria description, which I believe is available from ISO. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message